Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-11866 3Fedoraproject Libemf ProjectOpensuse 3Fedora LeapLibemf Nov 21, 2024 May 11, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.
CVE-2020-11865 3Fedoraproject Libemf ProjectOpensuse 3Fedora LeapLibemf Nov 21, 2024 May 11, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.
CVE-2020-11864 3Fedoraproject Libemf ProjectOpensuse 3Fedora LeapLibemf Nov 21, 2024 May 11, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
CVE-2020-11863 3Fedoraproject Libemf ProjectOpensuse 3Fedora LeapLibemf Nov 21, 2024 May 11, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
CVE-2020-12771 6Canonical DebianLinux+3 more 24A700s Firmware Active Iq Unified ManagerCloud Backup+21 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12769 5Canonical DebianLinux+2 more 23A700s Firmware Active Iq Unified ManagerCloud Backup+20 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
CVE-2020-12767 4Canonical DebianLibexif Project+1 more 4Debian Linux LeapLibexif+1 more Nov 21, 2024 May 9, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
CVE-2020-10690 6Canonical DebianLinux+3 more 22Active Iq Unified Manager Debian LinuxElement Software+19 more Nov 21, 2024 May 8, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /d...Show more There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.Show less
CVE-2020-12108 5Canonical DebianFedoraproject+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 May 6, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
CVE-2020-10704 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraLeap+1 more Nov 21, 2024 May 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overf...Show more A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.Show less
CVE-2020-12672 3Debian GraphicsmagickOpensuse 4Backports Sle Debian LinuxGraphicsmagick+1 more Nov 21, 2024 May 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
CVE-2020-12656 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 May 5, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with t...Show more gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bugShow less
CVE-2020-12653 4Debian LinuxNetapp+1 more 22A700s Firmware Active Iq Unified ManagerCloud Backup+19 more Nov 21, 2024 May 5, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an...Show more An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.Show less
CVE-2020-10700 3Fedoraproject OpensuseSamba 3Fedora LeapSamba Nov 21, 2024 May 4, 2020 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This...Show more A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.Show less
CVE-2020-12641 2Opensuse Roundcube 3Backports Sle LeapWebmail Nov 4, 2025 May 4, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
CVE-2020-12640 2Opensuse Roundcube 3Backports Sle LeapWebmail Nov 21, 2024 May 4, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
CVE-2020-12625 3Debian OpensuseRoundcube 4Backports Sle Debian LinuxLeap+1 more Nov 21, 2024 May 4, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVE-2020-10683 5Canonical Dom4j ProjectNetapp+2 more 38Agile Plm Application Testing SuiteBanking Platform+35 more Nov 21, 2024 May 1, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe,...Show more dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.Show less
CVE-2020-11652 6Blackberry CanonicalDebian+3 more 6Application Remote Collector Debian LinuxLeap+3 more Nov 7, 2025 Apr 30, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary direc...Show more An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.Show less
CVE-2020-11651 5Canonical DebianOpensuse+2 more 5Application Remote Collector Debian LinuxLeap+2 more Nov 7, 2025 Apr 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without...Show more An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.Show less

Previous 1...222324...95 Next